Privacy policy

KindLink privacy policy

Last revised on: 15 August 2018

KindLink Ltd (“we”, “our”, “us”) are committed to protecting and respecting your privacy. We are a company registered in England and Wales under company number 09867441 and have our registered office at 75 Christian Court Rotherhithe Street, London, United Kingdom, SE16 5UA. For the purpose of the General Data Protection Regulation (the “GDPR”) and the Data Protection Act 2018 (the “Act”), we are the data controller.

This privacy policy (“Policy”) (together with our Terms of Use and any other documents referred to on it) sets out the basis on which we will process any personal data or usage information we and our related companies collect from you, or that you provide to us, in connection with your use of our website at www.kindlink.com (the “Website”). This Policy also applies to any of our other websites that post this Policy. This Policy does not apply to websites that post different statements.

Please read the following carefully so that you understand your rights in relation to your personal data, and how we collect, use and process your data. If you do not agree with this Policy in general or any part of it, you should not access the Website. We draw your attention in particular to “International Data Transfer” and “Email Communications”. By visiting www.kindlink.com and charity.kindlink.com you are accepting and consenting to the practices described in this policy.

WHAT WE COLLECT

We get information about you in a range of ways, including “personal data”, which shall, for the purposes of this Privacy Policy have the meaning given to it in the GDDR and the Act.

Information You Give Us. Personal Data is any information that relates to an identified or identifiable individual. The Personal Data that you provide directly to us through our Sites will be apparent from the context in which you provide the data. This includes information provided when you report a problem with our Site, information you provide when you register to use our Site as well as other user-generated content, such as information provided when you participate in discussion boards or other social media functions on our Site and other information you directly give us on our Site.

Based on your consent, we collect personal data:

When you make a donation using the KindLink donation platform. This includes data we collect for the purpose of processing the donation and, eventually, Gift Aid: Name, Surname, email address, postal address, phone number, credit/debit card details.

When you create an account with KindLink. We will ask you for your Name, Surname and email address, phone number.

For the purpose of delivering on our contracts with our users, you will have a KindLink account ready for you, which you will consent to use (or not), based on your name, surname, and email address. The account will be password protected. In this case, we make sure that our users (your employers) have all necessary notices and consents in place to enable the lawful transfer of the Personal Data from our User to KindLink for the purpose of delivering on our contract and our user can demonstrate on request such notices and consents.

When you get in touch with us on the website - we will collect your name, email address and phone number through secure online forms.

In all these circumstances, you will be able to review our Terms and Conditions and Privacy Policy via a hyperlink during the process.

Information Automatically Collected. We automatically log information about you and your computer. For example, when visiting our Site, we log your computer operating system type, browser type, browser language, the website you visited before browsing to our Site, pages you viewed, how long you spent on a page, access times and information about your use of and actions on our Site, user’s IP address, mobile network information and device information.

Cookies. We use "cookies" to collect information about your browsing activities over time and across different websites following your use of our services. Cookies are small data files stored on your hard drive by a website. By using our website, users consent to our use of Cookies. We use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them). They allow us to recognize and count the number of users and to see how users move around the Website when they are using it. They help us to improve the services we provide to you and the way the Website works so that we can provide you with a more personal and interactive experience on our Website. This type of information is collected to make the Site more useful to you and to tailor the experience with us to meet your special interests and needs. You can typically remove and reject cookies from our Site with your browser settings. Many browsers are set to accept cookies until you change your settings. If you remove or reject our cookies, it could affect how our Site works for you.

Feedback. If you provide feedback to us, we will use and disclose such feedback, provided we do not associate such feedback with your personal data. We publish user feedback from time to time. If we choose to post your first and last name along with your feedback, we will obtain your consent prior to posting your name with your feedback. We will collect any information contained in such feedback and will treat the personal data in it in accordance with this Policy, provided that we will contact you in regards to such feedback.

Our Relationship with Social Networking Sites. The Site includes interfaces that allow you to connect with social networking sites (each an “SNS”). We work with the SNS’s application protocol interface in a way that allows you to authorise us to access your account on that SNS on your behalf. In order to provide this authorisation, you do not provide us with your user name or password to the SNS, but you will need to log-in to that SNS directly. Once authorised by you, the SNS provides us a token that allows the SNS to recognise us when we ask, on your behalf, for access to your account information. You can revoke our access to any SNS at any time by amending the appropriate settings from within your account settings on the applicable SNS.

USE OF PERSONAL INFORMATION

We rely upon a number of legal grounds to ensure that our use of your Personal Data is compliant with applicable law, including individual users’ consent to the use of their data. We use Personal Data to facilitate the business relationships we have with our Users, to comply with our financial regulatory and other legal obligations, and to pursue our legitimate business interests. We also use Personal Data to complete payment transactions and to provide payment-related services to our Users.

Our legitimate business interests include:

to operate, maintain, and improve our sites, products, and services.

to respond to comments and questions and provide customer service.

to send information including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.

to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.

to provide and deliver products and services customers request.

We may send you email marketing communications about KindLink products and services, invite you to participate in our events or surveys, or otherwise communicate with you for marketing purposes, provided that we do so in accordance with the consent requirements that are imposed by applicable law. When we collect your business contact details through our participation at trade shows or other events, we may use the information to follow-up with you regarding an event, send you information that you have requested on our products and services and, with your permission, include you on our marketing information campaigns.

SHARING OF PERSONAL INFORMATION

KindLink does not sell or rent Personal Data to marketers or unaffiliated third parties. We share your Personal Data with trusted entities, as outlined below.

Service providers. We share Personal Data with a limited number of our service providers. For instance, we will share Personal Data with Stripe for the purpose of processing online donations, through secure HTTPS enabled channels. You can review Stripe’s Privacy Policy here. We also share Personal Data with SendGrid for the purpose of communicating with you about the status and use of your KindLink account (not marketing). You can review SendGrid's Services Privacy Policy here. We authorize such service providers to use or disclose the Personal Data only as necessary to perform services on our behalf or comply with legal requirements. We require such service providers to contractually commit to protecting the security and confidentiality of Personal Data they process on our behalf.

Our Users and third parties authorized by our Users. We share Personal Data with Users as necessary to maintain a User account and provide the Services, only if you have consented to this. For instance, you can choose whether you want to share your details (and for which purpose) with the Charity User you make a donation to. We will also share Personal Data through HTTPS enabled channels for the purpose of claiming Gift Aid when instructed to do so by you and our Charity Users.

Compliance and harm prevention. We share Personal Data as we believe necessary:

to comply with applicable law, or payment method rules;

to enforce our contractual rights;

to protect the rights, privacy, safety and property of KindLink, our users, our customers, you or others;

to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence; and

protect the safety of our employees and agents, our users, our customers, or any person as required or permitted by law (exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).

WHERE DO WE STORE YOUR PERSONAL DATA

The information that we collect from you will be transferred to, and stored at/processed in the EEA. Your personal data is also processed by staff operating in the US, who work for us our partner Stripe. Such staff are engaged in, among other things, the processing of your donations details. Stripe comply with applicable laws to provide an adequate level of data protection for the transfer of your Personal Data to the US. Stripe Inc. is certified under the EU-U.S. and the Swiss-U.S. Privacy Shield Framework and adheres to the Privacy Shield Principles. For more, see Stripe’s Privacy Shield Policy

SECURITY AND RETENTION

We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data within our organization against unauthorized access, destruction, loss, alteration or misuse. Your Personal Data is only accessible to a limited number of personnel who need access to the information to perform their duties. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us immediately at

If you are a KindLink User, we retain your Personal Data as long as we are providing the Services to you. We retain Personal Data after we cease providing Services to you, even if you close your KindLink account, to the extent necessary to comply with our legal and regulatory obligations, and for the purpose of fraud monitoring, detection and prevention. We also retain Personal Data to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data by our contractual commitments to our partners. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.

We will retain data on your use of the www.kindlink.com wesbite, which will store your information in an aggregate and anonymized format.

We review all data periodically, whether held electronically on their device or on paper, to decide whether to destroy or delete any data once the purpose for which those documents were created is no longer relevant. If we’ve emailed or contacted you, we will keep your details for 36 months after the last contact we have had and restrict processing afterwards.

YOUR RIGHTS

The Act gives you the right to access information held about you and be provided with certain information about how we use your personal data and who we share it with. You also have the right ask us to correct your personal data where it is inaccurate or incomplete and we will endeavour to do so without any undue delay. If you wish to exercise this right in accordance with the Act, please contact use at .

Where you have provided your personal data to us with your consent, you have the right to ask us for a copy of this data in a structured, machine-readable format and to ask us to share (port) this data to another data controller.

In certain circumstances, you have the right to ask us to delete the personal data we hold about you:

where you believe that it is no longer necessary for us to hold your personal data (for example, if you decide that you no longer wish to use our Website);

where we are processing your personal on the basis of legitimate interests and you object to such processing and we cannot demonstrate an overriding legitimate ground for the processing;

where you have provided your personal data to us with your consent and you wish to withdraw your consent and there is no other ground under which we can process your personal data’ or

where you believe the personal we hold about you is being unlawfully processed by us.

In certain circumstances, you have the right to ask us to restrict (stop any active) processing of your personal data:

where you believe the personal data we hold about you is inaccurate and while we verify accuracy;

where we want to erase your personal data as the processing is unlawful but you want us to continue to store it;

where we no longer need your personal data for the purposes of our processing but you require us to retain the data for the establishment, exercise or defence of legal claims; or

where you have objected to us processing your personal data based on our legitimate interests and we are considering your objection.

In addition, you can object to our processing of your personal data based on our legitimate interests and we will no longer process your personal data unless we can demonstrate an overriding legitimate ground.

To exercise any of these rights above, please contact our Data Protection Officer at . In addition, you have the right to complain to the Information Commissioner’s Office or other applicable data protection supervisory authority.

Please note that these rights are limited, for example, where fulfilling your request would adversely affect other individuals our intellectual property, where there are overriding public interest reasons or where we are required by law to retain your personal data.

We will acknowledge the request within 24 hours of receipt, and endeavour to handle it within 15 days of receipt.

LINKS TO OTHER SITES

The Services may provide the ability to connect to other websites. These websites may operate independently from us and may have their own privacy notices or policies, which we strongly suggest you review. If any linked website is not owned or controlled by us, we are not responsible for its content, any use of the website or the privacy practices of the operator of the website.

WITHDRAWAL OF CONSENT

Where you have provided your consent for us to process your personal data, you can withdraw your consent at any time by taking steps regarding how to “opt-out” as specified in our marketing emails. Even if you opt out, we will still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business dealings with you.

In case you wish to withdraw your consent as part of a contract with one of our Business users, you will have to liaise with the Business User.

In any circumstances, you can let us know that you’re withdrawing your consent by emailing us at .

OBJECTION TO MARKETING

With your consent, we will send you marketing emails and newsletters. At any time you have the right to object to our processing data about you in order to send you promotions and marketing, including where we build profiles for such purposes, and we will stop processing the data for the purpose.

COMPLAINTS

In the event that you wish to make a complaint about how we process your personal data, please contact in the first instance our Data Protection Officer at and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the Information Commissioner’s Office or the data protection supervisory authority in the EU in which you live or work where you think we have infringed data protection laws.

OUR POLICY ON CHILDREN

KindLink is not directed to children under 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at . We will delete such information from our files within a reasonable time.

CONTACT INFORMATION

We welcome your comments or questions about this privacy policy. You may also contact us at our email address: . You can also write to our DPO at .

CHANGES TO THIS PRIVACY POLICY

We may change this privacy policy. If we make any changes, we will change the Last Updated date above.